U.S. Law and Cybersecurity
The U.S. government began to take cybersecurity more seriously over the last two decades as numerous cyber attacks and incidents have occurred highlighting the vulnerabilities that were present. As decision makers have slowly learned about the threats to national security that cyber attacks present they have updated their viewpoints on the matter. Today the U.S. has a strong defensive policy towards cybersecurity threats presented by both foreign actors and internal threats such as accidental data breaches. This is represented in the formation of various laws and policies that enforce elevated standards with the storage, transmitting and process of sensitive data. These standards are also observed in the increased emphasis placed on reporting incidents.
For example the Health Insurance Portability and Accountability Act (HIPAA) is a law that was created to protect private health information from unnecessary disclosure. This governs how private health information is stored, processed and transmitted. If organizations do not follow the guidelines within HIPAA they can be fined and incur other penalties. Laws such as these protect the public from the growing number of cybersecurity threats that seek to gain access to this information for illicit activity.
Where U.S. cyber policy could be improved would be with the further classification of definitions and standard operating procedures relating to cyber incidents, cyber espionage and cyber warfare. Many cyber attacks have been directed toward the United States in the last decade that could have easily been classified as an act of war or close to it. It appears that either the U.S. does not want to further stimulate existing tensions with adversarial nations or that it does not know how it wants to respond to these events. Chinese hackers responsible for cyber espionage have been indicted and treated as criminals however this activity in my analysis is greater than just a law enforcement concern. This does’t mean the U.S. should go to war but it is possible that a stronger approach could be taken by leveraging the full political and economic power of the United States against nations that direct this type of activity.